1. WEB Service Application working mechanism
- Listen, 80, or 443 ports.
- 80 is the normal HTTP protocol and 443 is HTTPS.
- Waiting for client requests
- Processing requests
- Save File
- Execute CGI Script
2. Create a simple Web service
Enter the Python edit mode from the terminal, entering the following code:
>>> >>> import socketserver >>> import simplehttpserver>> > >>> >>> Httpserver = Socketserver.tcpserver ((, 8888 ), Simplehttpserver.simplehttprequesthandler) >>> >>> >>> httpserver.serve_forever ()
You need to import the Socketserver and Simplehttpserver modules to create an instance of TCPServer that is bound to the ("",8888)
IP and 8888 ports of the machine. Server_forever () indicates continuous monitoring.
Open the browser, enter the native IP address and port number, and view the results:
The browser lists the files in the current directory, and then comes up with a blank server handling situation.
The IP on the left is inconsistent with my browser IP because I am using an agent, and there is not much to explain here. As for the 404 code, let's take a look at the small logo on the left side of the browser's address and click View, because identity is not verified.
This is true if you are only using Web services to list file lists. If you want to go further, provide different output services, for example you want different user access to output different results. As a security tester, you want to see the different parameters sent by the server, then take a look at the code:
#!/usr/bin/env python# _*_ Coding=utf-8 _*_ImportSocketserverImportSimplehttpserver#创建HTTPserver处理类, Inherit Simplehttpserver class httprequesthandler(simplehttpserver.simplehttprequesthandler): def do_get(self): ifSelf.path = ='/root ': Self.wfile.write (' This page was only for root ') Self.wfile.write (self.headers)Else: SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET (self) httpserver = Socketserver.tcpserver (("",8888), Httprequesthandler) Httpserver.serve_forever ()
Write yourself an HTTP processing class, and inherit Simplehttpserver, overriding the Do_get () method. Run this script and access it in a browser.
If you only enter the same address () as above, 10.128.175.36:8888
the result will be the same as before, but we'll go to the 10.128.175.36:8888/root
root directory and look at the results:
As a result, there is no access, and the details of the HTTP header have been dump out later. Including the host's IP and port, user-agent,accept and other information.
user-agent:mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) applewebkit/537.36 (khtml, like Gecko) chrome/42.0.2311.135 safari/537.36
This user-agent describes the information about the native Google browser. It is useful to make a web crawler and forge an HTTP header.
Python Create Web Server